Defining user attributes

Note: Be sure to set up a users search filter that includes the users for the groups you are synchronizing. Before you synchronize with the cloud service for the first time, test your synchronization by sending the results to a local file and carefully check that the contents match your requirements.

The NTLM Identity field defines a template for constructing the NTLM identity of the user. The default is the format “domain\username”.

The Name field defines a template for constructing a name that is used by the cloud service to identify users. This is not required if the Relative Distinguished Name (RDN) of the user is a Common Name (CN), as that will be automatically be included. The Distinguished Name (DN) can be seen on the test page by selecting Show Detail or hovering over one of the results: the RDN is the first naming component of the DN.

Including only enabled user accounts

In Active Directory, it is possible to mark user accounts as disabled. You might do this if an employee is away for a short period of time. If you want to prevent disabled user accounts from being uploaded to the cloud service, you can filter them out of the search by searching for only enabled user accounts. At the next synchronization, any disabled user accounts are removed from the cloud service.

To search for enabled accounts only, add the following to the filter in the Search filter field:

(!(userAccountControl:1.2.840.113556.1.4.803:=2))

The complete filter might then look like this:

(&(objectCategory=person)(objectClass=user)(!(userAccountCon trol:1.2.840.113556.1.4.803:=2)))